Method and apparatus for detecting incorrect responses to network queries

ABSTRACT

A system that determines if a DNS server suffers from a particular known functional limitation. During operation, the system sends an exploratory query to the DNS server, wherein the exploratory query is specially constructed so as to detect the existence of a functional limitation in the DNS server without causing the DNS server to fail. Next, the system receives an answer to the exploratory query from the DNS server. If the DNS server gives an incorrect response, the system can take actions as may be desired for the implementation. For example, the system may display a message identifying the functional limitation, or the system may establish a mode of operation where it avoids performing those types of DNS queries known to present a risk of crashing the particular Internet gateway.

RELATED APPLICATION

This application is a continuation of, and hereby claims priority under 35 U.S.C. §120 to, pending U.S. patent application Ser. No. 11/445,609, entitled “Method and Apparatus for Detecting Incorrect Responses to Network Queries,” by inventor Stuart D. Cheshire, filed on 02 Jun. 2006 (atty. docket no. APL-P3624US2), which is hereby incorporated by reference.

BACKGROUND

Field of the Invention

The present invention relates to techniques for detecting incorrect responses to network queries. More specifically, the present invention relates to a method and apparatus for using a test query to detect whether an Internet gateway device's configured domain-name system (DNS) server incorrectly responds to network queries.

Related Art

Internet Service Providers (ISPs) typically provide a single Internet Protocol (IP) address per Internet connection account, which would conventionally imply that only one Internet-enabled device per account can be coupled to the ISP's network at any given time. This is unfortunate, given that today many households have multiple computers and other Internet-enabled devices that the customer may desire to have connected to the ISP's network concurrently.

A common solution to this Internet connection-sharing problem is to use a Network Address Translation (NAT) device (commonly called an “Internet gateway”) to share a single IP address with multiple Internet-enabled devices, which are coupled to the Internet gateway through a local area network (LAN). Note that an Internet gateway can include wired Internet gateways and wireless Internet gateways. Furthermore, note that the Internet gateway can be implemented in a number of ways, including but not limited to: (1) a desktop or a laptop computer system coupled to the Internet, which is configured to share the Internet connection with devices on the LAN; or (2) a standalone device coupled to the Internet, which is configured to share the Internet connection with devices on the LAN. The Internet gateway device typically has at least two physical interfaces and two Internet addresses: a public one that is used to communicate with the ISP's network, and a private internal one that is used to communicate with devices on the LAN. From the point of view of an outside observer, all the customer's local computers and other Internet-enabled devices are made to appear as a single device with a single public IP address.

If the Internet gateway is configured to offer Dynamic Host Configuration Protocol (DHCP) service to the customer's devices, the Internet gateway usually assigns a private IP address to each Internet-enabled device coupled to the Internet gateway. The Internet gateway also provides its own LAN IP address to these Internet-enabled devices as both the default gateway to which they should send outbound IP packets, and the default DNS server to which they should send DNS queries. Since usually the Internet gateway is not, itself, authoritative for any DNS domains, all it does with received DNS queries is forward them on to a more knowledgeable DNS server elsewhere, typically one operated by the customer's ISP.

When communicating with services on the Internet, a client device sends IP packets via the Internet gateway. The Internet gateway rewrites the source IP address in each packet to be the common shared public IP address, and then forwards it through the ISP's network to the Internet. During this process, the Internet gateway typically keeps track of which packet was sent by which local Internet-enabled device, so that when response packet(s) return from the Internet via the ISP's network to the Internet gateway, the Internet gateway is able to route those response packets to the appropriate Internet-enabled device that originated the corresponding outgoing request packet.

For example, FIG. 1 illustrates an Internet gateway 104, which is coupled both to network 102 and local network 106. Local network 106 couples Internet gateway 104 with computers 108, 110, and 112, and Ethernet device 114. Network 102 can generally include any type of wired or wireless communication channel capable of coupling together computing nodes. This includes, but is not limited to, a local area network, a wide area network, or a combination of networks, such as the Internet.

An Internet gateway (or any other Internet sharing device) such as Internet gateway 104 typically includes a mechanism for forwarding DNS queries to DNS servers which can provide answers to the DNS queries. This mechanism allows Internet gateway 104 to function as the default “configured DNS server” for all devices on local network 106.

Note that a “configured DNS server” can include any DNS-enabled device which can return a response to a DNS query, such as (1) an authoritative DNS server, (2) a recursive DNS server, and (3) a forwarding DNS server. An authoritative DNS server answers DNS queries directed to a domain or a set of domains that have been delegated to the authoritative DNS server. In doing so, the authoritative DNS server maintains DNS records for the delegated domain or set of domains, and is the only type of DNS server that can answer authoritatively for the delegated domain or set of domains.

A recursive DNS server (a DNS cache) receives DNS queries, and performs queries to look up the requested domain. When an answer is received from an authoritative DNS server or from another recursive DNS server, the recursive DNS server caches the answer in its local DNS cache. If a query is made for a DNS record which was previously cached in the local DNS cache, the recursive DNS server uses the cached information to answer the DNS query instead of performing another DNS query.

A forwarding DNS server (a DNS relay) forwards DNS queries to either a recursive DNS server or to an authoritative DNS server. As mentioned above, Internet gateways typically contain simple DNS relays, which function as the “configured DNS server” for local devices that communicate through the Internet gateway.

Although Internet gateways are typically able to enable multiple Internet-enabled devices to share a single Internet connection successfully, some of these Internet gateways have functional limitations. One such functional limitation causes the Internet gateway to incorrectly handle the forwarding of valid DNS queries to DNS servers. Furthermore, such functionally-limited Internet gateways can crash and completely cease functioning when processing certain valid DNS queries, thereby disrupting their ability to perform their intended function, namely providing Internet access to local computers and similar Internet-enabled devices.

Hence, what is needed is a method and an apparatus to determine if a configured DNS server suffers from this particular known functional limitation so that the client can determine when it should avoid performing those certain valid DNS queries that are known to have a high likelihood of crashing that particular device.

SUMMARY

One embodiment of the present invention provides a system that determines if a DNS server suffers from a particular known functional limitation. During operation, the system sends an exploratory query to the DNS server, wherein the exploratory query is specially constructed so as to detect the existence of a functional limitation in the DNS server without causing the DNS server to fail. Next, the system receives an answer to the exploratory query from the DNS server. If the DNS server gives an incorrect response, the system can take actions as may be desired for the implementation. For example, the system may display a message identifying the functional limitation, or the system may establish a mode of operation where it avoids performing those types of DNS queries known to present a risk of crashing the particular Internet gateway.

In a variation on this embodiment, if the answer does not indicate that a functional limitation exists, the system concludes that the DNS server does not have the functional limitation that the special query was constructed to detect.

In a variation on this embodiment, the DNS server can include: a DNS server, a DNS cache, or a DNS relay.

In a further variation, the exploratory query is constructed so as to not cause the DNS server to communicate with a DNS root name server whether or not the functional limitation exists.

In a further variation, the special query is a “reverse-lookup” DNS query for a name that is a sub-domain of the “reverse-lookup” DNS name for the IP loopback address.

In a further variation, the exploratory query is for a name that should be known locally by the DNS server to have no records, without recourse to outside authority.

In a further variation, the format for the exploratory query is for the name “1.0.0.127.dnsbugtest.1.0.0.127.in-addr.arpa.”

In a further variation, if the answer to the exploratory query indicates that a domain name specified in the exploratory query does not exist, the system concludes that the DNS server does not have the functional limitation that the exploratory query was constructed to detect.

In a variation on this embodiment, the remedial action involves disabling a networking feature in an application which would cause it to issue DNS queries that have the potential to crash the DNS server.

In a further variation, the networking feature is Wide Area Bonjour, which allows clients to discover network services on a network.

One embodiment of the present invention provides a computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for determining if a domain name system (DNS) server is functionally-limited. When executed, the instructions cause the computer to send an exploratory query to the DNS server, wherein the exploratory query is specially constructed so as to detect the existence of a functional limitation in the DNS server without causing the DNS server to crash or otherwise fail in a disruptive manner. The instructions then configure the computer to receive an answer to the exploratory query from the DNS server. If the answer indicates that a functional limitation exists in the DNS server, the instructions cause the computer to perform a remedial action.

One embodiment of the present invention provides a method for determining if a domain name system (DNS) server is functionally-limited. During operation, the method sends an exploratory query to the DNS server, wherein the exploratory query is specially constructed so as to detect the existence of a functional limitation in the DNS server without causing the DNS server to fail. Next, the method receives an answer to the exploratory query from the DNS server. If the answer indicates that a functional limitation exists in the DNS server, the method performs a remedial action.

One embodiment of the present invention provides a system that tests a domain-name (DNS) server to determine if the DNS server exhibits a functional limitation. During operation, the system transmits a test query to the DNS server, wherein the test query is constructed to prompt a first response if the functional limitation exists on the DNS server, and a second response if the functional limitation does not exist on said DNS server. Next, the system receives a response to the test query from the DNS server. The system then determines whether the functional limitation exists on the DNS server.

One embodiment of the present invention provides a system that evaluates the response of a local area network (LAN) domain-name server (DNS) coupled to a wide-area network (WAN) to a query of a type known to cause an undesired operation in some DNS servers. During operation, the system transmits a test query from a client on the LAN to the LAN DNS server, wherein the query is constructed to generate a first response from the DNS server if the DNS server is of a configuration known to exhibit the undesired operation, and to generate a second response if the DNS server is not of a configuration known to exhibit the undesired response. Next, the system receives the response from the DNS server at a LAN client. The system then determines whether the DNS server is of a type known to exhibit the undesired operation. If so, the system performs a remedial action at the client in response to the determination.

BRIEF DESCRIPTION OF THE FIGURES

FIG. 1 illustrates an Internet gateway coupled to a network.

FIG. 2 presents a flow chart illustrating the process of determining if a configured DNS server suffers from a particular known functional limitation in accordance with an embodiment of the present invention.

DETAILED DESCRIPTION

The following description is presented to enable any person skilled in the art to make and use the invention, and is provided in the context of a particular application and its requirements. Various modifications to the disclosed embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be applied to other embodiments and applications without departing from the spirit and scope of the present invention. Thus, the present invention is not limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles and features disclosed herein.

The data structures and code described in this detailed description are typically stored on a computer-readable storage medium, which may be any device or medium that can store code and/or data for use by a computer system. This includes, but is not limited to, magnetic and optical storage devices such as disk drives, magnetic tape, CDs (compact discs) and DVDs (digital versatile discs or digital video discs).

Configured DNS Server Functional Limitation

Some configured DNS servers that reside within Internet gateways have functional limitations that can produce incorrect answers or can cause the Internet gateway to crash. (Note that a configured DNS server can include any DNS-enabled device including a DNS server, a DNS relay, or a DNS cache.) Such functionally-limited configured DNS servers assume that if a client performs a PTR-type DNS query, the only possible request the client is making is to perform an IPv4 “reverse lookup” DNS query, translating from an IP address to a name.

An example of a properly-formed IPv4 “reverse-lookup” domain name query is “2.1.168.192.in-addr.arpa.” This query and ones like it may be performed by software, or by the user with a DNS utility such as “nslookup”. The nslookup command and arguments for this example are: “nslookup -q=ptr 2.1.168.192.in-addr.arpa.” In this example, the DNS query type is PTR and the DNS query is “2.1.168.192.in-addr.arpa.” Note that a PTR query is frequently a “reverse-lookup” DNS query, which performs a mapping from an IP address to a corresponding domain name. However, other properly-formed DNS queries are possible even though they may not make any sense. For example, the PTR-type DNS query “2.1.168.192.nonsense.” is a properly-formed DNS query, but does not yield any answer records since the top-level domain “nonsense” does not actually exist. Note that the domain “in-addr.arpa” is the proper domain suffix to use when performing a “reverse lookup” DNS query.

Some functionally-limited Internet gateways examine only the first four labels of the PTR-type DNS query (“labels” in a domain name are the groups of characters separated by periods) and ignore the remainder of the name. In the “2.1.168.192.nonsense.” example, the first four labels are “2.1.168.192.” Therefore, for these functionally-limited Internet gateways, the PTR-type DNS query “2.1.168.192.nonsense.” is indistinguishable from the PTR-type DNS query “2.1.168.192.in-addr.arpa.”

Also note that these same functionally-limited Internet gateways assume that the first four labels are decimal numbers between 0 and 255. If the first four labels of the PTR-type DNS query are not numbers between 0 and 255, these functionally-limited Internet gateways crash. Note that a crash of the Internet gateway can include, but is not limited to, the Internet gateway: failing completely; rebooting; ceasing to respond to network traffic; responding slowly to network traffic; and resetting the configuration of the Internet gateway.
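The following is an added example and not code from the patent. It models the two ways of reading a PTR name that the preceding paragraphs contrast: a correct check that requires exactly four decimal labels in 0..255 followed by "in-addr.arpa", and the "first four labels only" behaviour attributed to the functionally-limited gateways, under which "2.1.168.192.nonsense." and "2.1.168.192.in-addr.arpa." collapse to the same address. The function names are assumptions of this example; where the text says the limited gateway crashes on non-numeric labels, the model raises an exception instead.

```python
# Added example, not code from the patent: a model of the IPv4 reverse-lookup
# name handling the text describes, contrasting a correct check of the whole
# name against the "first four labels only" behaviour of the functionally-limited
# gateways. All function names here are assumptions of this example.
import ipaddress

REVERSE_SUFFIX = ("in-addr", "arpa")


def labels(name: str) -> list:
    """Split a DNS name into its labels, dropping the trailing root dot."""
    return [lab for lab in name.rstrip(".").split(".") if lab]


def ipv4_reverse_name(addr: str) -> str:
    """Build the properly-formed reverse-lookup name for an IPv4 address,
    e.g. 192.168.1.2 -> 2.1.168.192.in-addr.arpa."""
    octets = str(ipaddress.IPv4Address(addr)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def correct_reverse_target(name: str):
    """Correct handling: a name is an IPv4 reverse-lookup name only if it has
    exactly four decimal labels in 0..255 followed by in-addr.arpa. Returns the
    address, or None when the name is something else (a server would then
    resolve it as an ordinary name, e.g. NXDOMAIN for the "nonsense" TLD)."""
    labs = labels(name)
    if len(labs) != 6 or tuple(labs[4:]) != REVERSE_SUFFIX:
        return None
    if not all(lab.isdigit() and 0 <= int(lab) <= 255 for lab in labs[:4]):
        return None
    return ".".join(reversed(labs[:4]))


def limited_gateway_target(name: str):
    """Model of the limitation the text describes: only the first four labels
    are examined and are assumed to be decimal octets; the rest of the name is
    ignored, so 2.1.168.192.nonsense looks identical to 2.1.168.192.in-addr.arpa.
    The text says such gateways crash when those labels are not numbers in
    0..255; this model raises ValueError at that point instead."""
    head = labels(name)[:4]
    if len(head) != 4:
        raise ValueError("fewer than four labels")
    for lab in head:
        if not (lab.isdigit() and 0 <= int(lab) <= 255):
            raise ValueError("label %r is not a decimal octet" % lab)
    return ".".join(reversed(head))


if __name__ == "__main__":
    for n in ("2.1.168.192.in-addr.arpa.", "2.1.168.192.nonsense.",
              "1.0.0.127.dnsbugtest.1.0.0.127.in-addr.arpa."):
        print(n, "correct:", correct_reverse_target(n),
              "limited:", limited_gateway_target(n))
```

Running the block shows the point of the later exploratory query: the correct reader treats "1.0.0.127.dnsbugtest.1.0.0.127.in-addr.arpa." as an ordinary name with no reverse-lookup meaning, while the limited reader sees only "1.0.0.127" and answers as if asked about 127.0.0.1.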

Detecting a Functionally-Limited Internet Router

One embodiment of the present invention detects such functionally-limited Internet gateways by performing a special DNS query that is constructed to detect the existence of a functional limitation in the configured DNS server without crashing it.

For example, the special query which detects a functional limitation in the Internet gateway's configured DNS server is the PTR-type DNS query “2.1.168.192.nonsense.”, which produces an NXDOMAIN answer (i.e. domain does not exist) in a properly functioning Internet gateway without the functional limitation. However, Internet gateways with functionally-limited configured DNS servers will attempt to give a host name in response to the 2.1.168.192.nonsense query, even though the query was not in fact an “in-addr.arpa” name lookup query.

Unfortunately, the PTR-type DNS query “2.1.168.192.nonsense”, when directed to a configured DNS server without the above-mentioned functional limitations, causes a DNS query to be sent to one of the DNS root name servers. Since in general the only way for a configured DNS server to know whether or not a particular top-level domain exists is to ask one of the root name servers, every such test query potentially results in a nuisance query being sent to the root name servers.

In one embodiment of the present invention, the special query is constructed so that the configured DNS server does not communicate with a DNS root name server whether or not the functional limitation exists.

For example, the special query can be “1.0.0.127.dnsbugtest.1.0.0.127.in-addr.arpa.” In this exemplary query, the address “127.0.0.1” is the “loopback address.” The loopback address is a special IP address available for use when two pieces of network software on the same machine want to communicate with each other using IP networking mechanisms and programming interfaces, independent of whether conventional (inter-machine) IP networking is available.

Also note that every DNS server is supposed to contain a fixed DNS record which maps “1.0.0.127.in-addr.arpa.” to the name “localhost”. Hence, any names that are sub-domains of the name “1.0.0.127.in-addr.arpa.” are properly-formed and valid, but are names that are known to have no associated DNS records. In other words, “1.0.0.127.dnsbugtest.1.0.0.127.in-addr.arpa.” is a legal name, but any queries for that name should yield no results. Therefore, an Internet gateway with a properly functioning configured DNS server returns an NXDOMAIN answer (i.e. domain name does not exist) without having to communicate with a DNS root name server to make that determination.

Note that since the last six labels in this PTR-type DNS query are “1.0.0.127.in-addr.arpa.”, an Internet gateway with a properly functioning configured DNS server will not forward the DNS query to the DNS root name server, since the Internet gateway's configured DNS server knows that the queried name is a sub-domain of the reverse-lookup name for the loopback address. Since sub-domains of that name are not used, the configured DNS server should respond with an NXDOMAIN answer without communicating with a DNS root name server.

Similarly, an Internet gateway with the functional limitation that the special query is constructed to detect does not communicate with a DNS root name server. Recall that an Internet gateway with a functionally-limited configured DNS server only uses the first four labels of the PTR-type DNS query, and interprets this PTR-type DNS query as the PTR-type DNS query “1.0.0.127.in-addr.arpa.” Since the functionally-limited Internet gateway's configured DNS server knows that the correct answer for a PTR-type DNS query for “1.0.0.127.in-addr.arpa.” should be “localhost,” the Internet gateway returns the answer “localhost” without communicating with any DNS root name server.

Note that since the PTR-type DNS query string using the loopback address does not query the root DNS servers, it is preferable to use this query string format to detect the functional limitation in a DNS server. However, other PTR-type DNS query strings not using the loopback address can also be used to detect the functional limitation in a DNS server.

FIG. 2 presents a flow chart illustrating the process of determining if a configured DNS server is functionally-limited in accordance with an embodiment of the present invention. The process begins when the system sends a special query to the configured DNS server (step 202). In one embodiment of the present invention, the special query is the PTR-type DNS query “1.0.0.127.dnsbugtest.1.0.0.127.in-addr.arpa.”

Next, the system receives an answer from the configured DNS server (step 204). If the answer is the correct response (step 206—YES), the system concludes that the configured DNS server is not functionally-limited (step 212). In one embodiment of the present invention, the correct response is an NXDOMAIN error code, which indicates that a domain name does not exist.

If the answer is incorrect (step 206—NO), the system concludes that the configured DNS server is functionally-limited (step 208) and performs a remedial action (step 210).
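The following is an added example, not code from the patent or from any Apple implementation. It carries the FIG. 2 procedure through in working code: the exploratory PTR query for “1.0.0.127.dnsbugtest.1.0.0.127.in-addr.arpa.” is encoded in DNS wire format (step 202), a reply is parsed (step 204), and the reply is classified as NXDOMAIN, meaning not limited (steps 206/212), or as a PTR answer such as “localhost”, meaning limited (steps 206/208). The two replies at the bottom are constructed for this example rather than captured from any device, so the classification can be exercised offline; the function names, the fixed transaction id and the UDP helper are assumptions of this example.

```python
# Added example, not code from the patent: the exploratory PTR query named in
# the text, encoded in DNS wire format, and the FIG. 2 classification of the
# reply (NXDOMAIN -> not limited; a PTR answer such as "localhost" -> limited).
# The two replies at the bottom are constructed inline so the logic runs
# offline; function names are assumptions of this example.
import socket
import struct

PROBE_NAME = "1.0.0.127.dnsbugtest.1.0.0.127.in-addr.arpa."
QTYPE_PTR = 12
QCLASS_IN = 1
RCODE_NXDOMAIN = 3
TXID = 0x1234  # fixed here for the constructed replies; use a random id in practice


def encode_name(name: str) -> bytes:
    """Encode a dotted name as length-prefixed labels ending in the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_probe_query(txid: int = TXID) -> bytes:
    """Step 202: standard query (RD set) with one question, PROBE_NAME PTR IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(PROBE_NAME) + struct.pack("!HH", QTYPE_PTR, QCLASS_IN)


def decode_name(msg: bytes, off: int):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, jumped, end = [], False, None
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:            # compression pointer
            if not jumped:
                end = off + 2
            jumped = True
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if jumped else off)


def classify_reply(reply: bytes, txid: int = TXID):
    """Steps 204-212: ("ok", None) for NXDOMAIN, ("limited", target) when the
    server answered with a PTR record, ("unknown", None) for anything else."""
    rtxid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rtxid != txid or not (flags & 0x8000):   # wrong id or not a response
        return ("unknown", None)
    if (flags & 0x000F) == RCODE_NXDOMAIN:
        return ("ok", None)
    off = 12
    for _ in range(qd):                          # skip the question section
        _, off = decode_name(reply, off)
        off += 4
    for _ in range(an):
        _, off = decode_name(reply, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", reply[off:off + 10])
        off += 10
        if rtype == QTYPE_PTR:
            target, _ = decode_name(reply, off)
            return ("limited", target)
        off += rdlen
    return ("unknown", None)


def probe_configured_dns(server_ip: str, timeout: float = 2.0):
    """Send the probe over UDP/53 and classify the reply (needs a network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_probe_query(), (server_ip, 53))
        reply, _ = sock.recvfrom(512)
    return classify_reply(reply)


# Constructed replies (not captured from any device) for offline checks.
def constructed_nxdomain_reply() -> bytes:
    """What a properly functioning server returns: QR, RD, RA set, RCODE=3."""
    header = struct.pack("!HHHHHH", TXID, 0x8183, 1, 0, 0, 0)
    return header + encode_name(PROBE_NAME) + struct.pack("!HH", QTYPE_PTR, QCLASS_IN)


def constructed_limited_reply() -> bytes:
    """What the text says a limited gateway returns: a PTR answer of localhost."""
    header = struct.pack("!HHHHHH", TXID, 0x8180, 1, 1, 0, 0)
    question = encode_name(PROBE_NAME) + struct.pack("!HH", QTYPE_PTR, QCLASS_IN)
    rdata = encode_name("localhost.")
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_PTR, QCLASS_IN, 3600, len(rdata)) + rdata
    return header + question + answer


if __name__ == "__main__":
    print(classify_reply(constructed_nxdomain_reply()))   # ('ok', None)
    print(classify_reply(constructed_limited_reply()))    # ('limited', 'localhost.')
```

The classifier treats anything other than NXDOMAIN or a PTR answer as "unknown" rather than as evidence either way; a client that wants the remedial action of step 210 would take it only on the "limited" verdict, and a timeout in `probe_configured_dns` is left to the caller to handle since it says nothing about the limitation.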

In one embodiment of the present invention, the remedial action involves taking steps to avoid performing those certain valid DNS queries that are believed to have a high likelihood of crashing that particular device.

In one embodiment of the present invention, the valid DNS queries to be avoided are those used by Wide-Area Bonjour, a networking technology that allows clients to discover network services on a wide-area network.

Note that the process described in FIG. 2 is stored on a computer-readable storage medium, which may be any device or medium that can store code and/or data for use by a computer system. This includes, but is not limited to, magnetic and optical storage devices such as disk drives, magnetic tape, CDs (compact discs) and DVDs (digital versatile discs or digital video discs).

One embodiment of the present invention tests a domain-name (DNS) server to determine if the DNS server exhibits a functional limitation. A test query is transmitted to the DNS server. The test query is constructed to prompt a first response if the functional limitation exists on the DNS server, and a second response if the functional limitation does not exist on said DNS server. Next, a response to the test query is received from the DNS server. A determination is made as to whether the functional limitation exists on the DNS server.

One embodiment of the present invention evaluates the response of a local area network (LAN) domain-name server (DNS) coupled to a wide-area network (WAN) to a query of a type known to cause an undesired operation in some DNS servers. A test query is transmitted from a client on the LAN to the LAN DNS server. The query is constructed to generate a first response from the DNS server if the DNS server is of a configuration known to exhibit the undesired operation, and to generate a second response if the DNS server is not of a configuration known to exhibit the undesired response. Next, the response from the DNS server is received at a LAN client. A determination is made as to whether the DNS server is of a type known to exhibit the undesired operation. If so, a remedial action is performed at the client in response to the determination.

The foregoing descriptions of embodiments of the present invention have been presented only for purposes of illustration and description. They are not intended to be exhaustive or to limit the present invention to the forms disclosed. Accordingly, many modifications and variations will be apparent to practitioners skilled in the art. Additionally, the above disclosure is not intended to limit the present invention. The scope of the present invention is defined by the appended claims.

CLAIMS

1. A method for determining if a domain name system (DNS) server is functionally limited, comprising: sending an exploratory query to the DNS server to detect a functional limitation in the DNS server, the functional limitation causing the DNS server to: receive the exploratory query, which comprises receiving both a first portion and a second portion of the exploratory query; and based on reading only the first portion of the exploratory query, send a response to the exploratory query; receiving a response to the exploratory query from the DNS server; and when the response indicates that the functional limitation exists in the DNS server, performing a remedial action.

2. The method of claim 1, wherein the exploratory query comprises “1.0.0.127.dnsbugtest.1.0.0.127.in-addr.arpa.”

3. The method of claim 2, wherein the exploratory query is a “reverse lookup” DNS query that queries a PTR record.

4. The method of claim 1, wherein the exploratory query is configured to detect the functional limitation without at least one of: causing the DNS server to fail; and causing the DNS server to communicate with a DNS root name server.

5. The method of claim 1, wherein the method further comprises, when the response does not indicate that a functional limitation exists in the DNS server: determining that the DNS server does not have the functional limitation; and subsequently permitting the sending of DNS queries to the DNS server that the DNS server would not properly read if the DNS server had the functional limitation.

6. The method of claim 1, wherein the DNS server includes at least one of: a DNS server; a DNS cache; or a DNS relay.

7. The method of claim 1, wherein the remedial action comprises: subsequently avoiding sending DNS queries to the DNS server that the DNS server will not properly read due to the functional limitation.

8. A non-transitory computer-readable storage medium storing instructions that, when executed by a computer, cause the computer to perform a method for determining if a DNS server is functionally limited, the method comprising: sending an exploratory query to the DNS server to detect a functional limitation in the DNS server, the functional limitation causing the DNS server to: receive the exploratory query, which comprises receiving both a first portion and a second portion of the exploratory query; and based on reading only the first portion of the exploratory query, send a response to the exploratory query; receiving a response to the exploratory query from the DNS server; and when the response indicates that the functional limitation exists in the DNS server, performing a remedial action.

9. The computer-readable storage medium of claim 8, wherein the exploratory query comprises “1.0.0.127.dnsbugtest.1.0.0.127.in-addr.arpa.”

10. The computer-readable storage medium of claim 9, wherein the exploratory query is a “reverse lookup” DNS query that queries a PTR record.

11. The computer-readable storage medium of claim 8, wherein the exploratory query is configured to detect the functional limitation without at least one of: causing the DNS server to fail; and causing the DNS server to communicate with a DNS root name server.

12. The computer-readable storage medium of claim 8, wherein the method further comprises, when the response does not indicate that a functional limitation exists in the DNS server: determining that the DNS server does not have the functional limitation; and subsequently permitting the sending of DNS queries to the DNS server that the DNS server would not properly read if the DNS server had the functional limitation.

13. The computer-readable storage medium of claim 8, wherein the DNS server includes at least one of: a DNS server; a DNS cache; or a DNS relay.

14. The computer-readable storage medium of claim 8, wherein the remedial action comprises: subsequently avoiding sending DNS queries to the DNS server that the DNS server will not properly read due to the functional limitation.

15. An apparatus that determines if a DNS server is functionally limited, comprising: a computer that performs operations for: sending an exploratory query to the DNS server to detect a functional limitation in the DNS server, the functional limitation causing the DNS server to: receive the exploratory query, which comprises receiving both a first portion and a second portion of the exploratory query; and based on reading only the first portion of the exploratory query, send a response to the exploratory query; receiving a response to the exploratory query from the DNS server; and when the response indicates that the functional limitation exists in the DNS server, performing a remedial action.

16. The apparatus of claim 15, wherein the exploratory query comprises “1.0.0.127.dnsbugtest.1.0.0.127.in-addr.arpa.”

17. The apparatus of claim 16, wherein the exploratory query is a “reverse lookup” DNS query that queries a PTR record.

18. The apparatus of claim 15, wherein the exploratory query is configured to detect the functional limitation without at least one of: causing the DNS server to fail; and causing the DNS server to communicate with a DNS root name server.

19. The apparatus of claim 15, wherein the method further comprises, when the response does not indicate that a functional limitation exists in the DNS server: determining that the DNS server does not have the functional limitation; and subsequently permitting the sending of DNS queries to the DNS server that the DNS server would not properly read if the DNS server had the functional limitation.

20. The apparatus of claim 15, wherein the DNS server includes at least one of: a DNS server; a DNS cache; or a DNS relay.

21. The apparatus of claim 15, wherein the remedial action comprises: subsequently avoiding sending DNS queries to the DNS server that the DNS server will not properly read due to the functional limitation.